CVE-2022-36036 – Improper Control of Generation of Code ('Code Injection') in mdx-mermaid
https://notcve.org/view.php?id=CVE-2022-36036
mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for arbitrary JavaScript injection in versions less than 1.3.0 and 2.0.0-rc1. If a Mermaid code block is modified to contain arbitrary code, that code will execute when the component is loaded by MDXjs. This vulnerability was patched in versions 1.3.0 and 2.0.0-rc2. There are currently no known workarounds. • https://github.com/sjwall/mdx-mermaid/commit/f2b99386660fd13316823529c3f1314ebbcdfd2a https://github.com/sjwall/mdx-mermaid/security/advisories/GHSA-rvgm-35jw-q628 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2022-25921 – Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2022-25921
All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor. • https://github.com/indexzero/morgan-json/blob/3a76010215a4256d41687d082cd66c4f00ea5717/index.js%23L46 https://security.snyk.io/vuln/SNYK-JS-MORGANJSON-2976193 •
CVE-2022-25644 – Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2022-25644
All versions of package @pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution due to improper sanitization of the getProcessByName function. • https://github.com/pendo324/get-process-by-name-js/blob/34e8a279a94fa23acb13e302e9516ab1ea8d8731/index.js%23L27-L28 https://security.snyk.io/vuln/SNYK-JS-PENDO324GETPROCESSBYNAME-2419094 •
CVE-2022-37053
https://notcve.org/view.php?id=CVE-2022-37053
TRENDnet TEW733GR v1.03B01 is vulnerable to command injection via /htdocs/upnpinc/gena.php. • http://trendnet.com https://drive.google.com/file/d/1P_-h5wNtRiyVToDUjRNZhsmtILINv7EL/view?usp=sharing • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2022-36756
https://notcve.org/view.php?id=CVE-2022-36756
DIR845L A1 v1.00-v1.03 is vulnerable to command injection via /htdocs/upnpinc/gena.php. • https://drive.google.com/file/d/1S9MODTsa70LS3UPFY1ohyPJXtqr17IkQ/view?usp=sharing https://www.dlink.com/en/security-bulletin • CWE-94: Improper Control of Generation of Code ('Code Injection') •